Implications of the iPhone 5S Fingerprint Scanner

A phone used to be a simple device you would make phone calls with. It could have your contact list, or even a log of recent contacts, but that was about it. The idea of security when it came to a mobile phone wasn’t high on many people’s priority lists.

However, now most of us carry smartphones around. These devices are capable of far more, including email, text, web browsing and more. It’s literally a small computer in your pocket, and the power of a modern smartphone is far more than a desktop computer from just over a decade ago. So, obviously security has become a big deal, since anyone with our phone could get access to a myriad of data about us.

We use passwords, PIN codes, gestures and encryption to try and protect our devices. Now, Apple is upping the stake with the first mass market smartphone with a fingerprint scanner built into it. The iPhone 5S has a home button that doubles as a thumb scan, not only to unlock the phone but also your iTunes account, and potentially other apps. Is it a step in the right direction, though? First, let’s see how the iPhone scanner works, and then think about what it may mean for the future of mobile devices, and security in general.

There are two types of fingerprint scanners in use today, optical scanners and capacitance screens.

You can think of an optical scanner as a tiny camera with a built-in light. The LED will project a strong light on your fingertip, and then a black and white CCD camera will capture the light and shadows, to find out where the peaks and valleys are in the fingerprint itself. Then, an algorithm simply compares the result with what it has on file. It doesn’t store the actual image, instead just a list of intersection points, areas where those peaks and valleys converge. If enough match, then you have a pretty good chance the fingerprint is legit.

It’s very inexpensive to have a fingerprint scanner, because these CCD scanners don’t cost a lot of money, but they aren’t very precise. The camera relies on the light to bounce off your finger, but a number of things can make the print less ideal, like dirt particles.

Instead, the iPhone 5S relies on a capacitance device. There are two types of capacitance scanners; passive and active ones.

Passive scanners rely on the small electromagnetic charge in the human body. The scanner itself is made of a bunch of tiny sensors which can detect, when you place your thumb on them, whether they are touching skin or not. Those that are against the ridges of your finger will be on, and those against the valleys will be off, since there will be an air gap between them. This however requires a clean scanner and finger, because there must be nothing between the two, not even dirt.

An active scanner however, like what most modern fingerprint scanners use, provides electricity to create the electric field, and then detects the capacitance. In simple terms, modern fingerprint scanners can be very precise, accurate, and used even when you have dirty fingers.

When you use the iPhone 5S, all you’ll have to do is swipe your finger on the home button to unlock the device. The demo was very nicely done, but of course this was in a controlled environment. Fingerprint scanners are notoriously difficult to get right, but the technology exists to make it possible, and its unlikely Apple would release such a crucial piece of technology if it had a high failure rate.

The convenience aspect is undeniable, no more need to enter in a PIN or password every time you want to unlock your phone. Apple says that this will be used elsewhere as well, such as to unlock your iTunes account when making a purchase. Apps will be able to access your fingerprint authentication as part of the iOS key chain, although they won’t have access to the fingerprint data itself, and a fingerprint scanner makes a great second factor when dealing with multi-factor authentication.

But how secure is this system, really? The first question everyone had was whether the phone would store and transmit a picture of your fingerprint. Of course, there is never an actual picture being taken. The scanner itself only needs what’s called a fingerprint template, a text file that describes your finger. Apple also says that this template will not be sent over the net and simply reside on your phone.

But there’s always the possibility of someone stealing your phone and getting your fingerprint. If your biometric information gets in the wild, it’s not like a password. You can’t reset or change it. And this isn’t just speculation, either. In 2011, millions of Israeli had their biometric data stolen when a hacker got inside of the Welfare Ministry. Just a few days after the iPhone 5S got released, someone managed to get a cat to register its fingerprint and successfully unlock it.

But there are ways to protect against that. A fingerprint template can be hashed in the same way a password is. Most modern servers don’t keep your password on file, not even an encrypted version. They only store a hash. This is a one-way function that converts the information about your finger into a hash value, a string of letters and numbers. It’s not possible to convert that hash back into your biometric data. This means even if your phone gets stolen, and someone manages to get inside, your fingerprint data should be secure. When the scanner wants to authenticate you, it scans your finger, hashes the result, and then compares it. We don’t know for sure this is how the iPhone 5S will operate, but since Apple does this for current passwords, it’s a likely scenario.

So, does this make a fingerprint much more secure than a PIN or password? Yes and no.

On one hand, a fingerprint is basically impossible to guess. You can’t brute force it, and you can’t start at 0 0 0 0 and try all the numbers possible until 9 9 9 9. However, unlike a password, everyone knows where to find your fingerprint. If you get mugged, or stopped by corrupted officers of a totalitarian regime, you can refuse to give them your passwords. They may torture you, but unless you tell them, they have no choice but try and break it somehow. If you’re there with your phone, it’s pretty easy for anyone stronger than you to force you to unlock your phone. Can you imagine the type of underground market that could appear if most of our devices relied on fingerprints? A simple thumb could unlock your entire digital life. Scary stuff.

So, are we about to see fingerprint scanners appear on every device we own? I think there’s no doubt that if the iPhone 5S is a success, all Apple products will be fitted with a fingerprint scanner in the future. Apple likes to harmonize its own products, and this would be a no brainer. We also know that Apple often starts revolutions in the technology industry, like with the iPhone and iPad, so the likelihood is fairly high that if Apple sees some success with this, other companies will follow suite.

Right now, fingerprint scanners are available from various companies and for many purposes. Many companies use them to lock their more secure areas like server rooms, and you can even buy handheld USB scanners that you can plug into a desktop computer. But any type of biometric security has one major flaw - the fact that it relies on something permanently attached to you and cannot be changed.

It’s unlikely that we’ll ever find a realistic way to allow people to change their own fingerprints. This is what makes it so powerful, yet so problematic. If your fingerprint template gets into the wild, then it’s game over for good. You cannot change it, and you cannot get it back.

Already, we know companies and governments are building huge databases of biometric data. Simple things like getting a driver’s license in California requires your fingerprint, and already millions of people have this type of data in many computers already, with these databases being shared between agencies and even other countries.

Just recently, a company called Accenture was the latest to be awarded money from the U.S. Department of Homeland Security to set up sharing conduits for fingerprint data to be shared between the U.S. and other countries for anyone with a criminal record. This followed what the EU did just a few years ago, sharing both fingerprint and DNA data for everyone they had on record between the various countries. As IT professionals, we all know how the more out there data goes; the more likely it will be leaked.

In the end, I don’t believe a fingerprint scanner is a huge deal. It does have many short term benefits, like the convenience of having a locked device, yet being able to unlock it with a single swipe. But in the long term, it’s important to be careful with data like this. We can’t change our fingerprints, so the next time you go to Disneyland and find out that entry requires you to swipe your finger on a scanner, remember that this same data could be used to unlock your whole digital life and more.

Patrick Lambert is certified in many Microsoft products and has worked in diverse computer related fields such as customer support, software quality assurance and IT.